EIP-2026-114285
PRE-CVE
WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-114285. PoCs published by Evex.
AI-analyzed exploit summary
This PoC demonstrates a CSRF vulnerability in the Yet Another Related Posts Plugin (YARPP) for WordPress, allowing an attacker to inject malicious JavaScript via unprotected option updates. The exploit tricks an admin into submitting a form that modifies plugin settings, leading to XSS execution when the injected code is triggered.
Description
WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery
Exploits (1)
This PoC demonstrates a CSRF vulnerability in the Yet Another Related Posts Plugin (YARPP) for WordPress, allowing an attacker to inject malicious JavaScript via unprotected option updates. The exploit tricks an admin into submitting a form that modifies plugin settings, leading to XSS execution when the injected code is triggered.